Assume we want to use a properties file realm for user auditing. On the Geronimo server, deploy a module as follows:

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>test-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="test-realm"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">test-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>test-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <!-- Users and groups are read from these properties files -->
                    <log:option name="usersURI">var/security/demo_users.properties</log:option>
                    <log:option name="groupsURI">var/security/demo_groups.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

Then deploy a client-side realm for the application client to authenticate with the OpenEJB container, as follows:

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>remote-openejb-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>org.apache.geronimo.modules</groupId>
                <artifactId>geronimo-openejb</artifactId>
                <type>jar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="remote-openejb-realm"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">remote-openejb-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>remote-openejb-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.openejb.OpenejbRemoteLoginModule</log:login-module-class>
                    <!-- Name of the server-side realm deployed above -->
                    <log:option name="RemoteSecurityRealm">test-realm</log:option>
                    <log:option name="ServerURI">ejbd://localhost:4201</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

In your geronimo-application-client.xml, specify the client-side realm module as its dependency and realm name. Also, you need to provide your <callback-handler> as David J mentioned earlier.
See the snippet as follows:

<?xml version="1.0" encoding="UTF-8"?>
<application-client xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
                    xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
                    xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
                    xmlns:security="http://geronimo.apache.org/xml/ns/security-2.0"
                    xmlns:connector="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
    <sys:client-environment>
        <sys:moduleId>
            <sys:groupId>org.apache.geronimo.samples</sys:groupId>
            <sys:artifactId>Myclient</sys:artifactId>
            <sys:version>2.2.0</sys:version>
            <sys:type>jar</sys:type>
        </sys:moduleId>
        <sys:dependencies>
            <sys:dependency>
                <sys:groupId>console.realm</sys:groupId>
                <sys:artifactId>remote-openejb-realm</sys:artifactId>
                <sys:version>1.0</sys:version>
                <sys:type>car</sys:type>
            </sys:dependency>
        </sys:dependencies>
    </sys:client-environment>
    <sys:server-environment>
        <sys:moduleId>
            <sys:groupId>org.apache.geronimo.samples</sys:groupId>
            <sys:artifactId>MyServer</sys:artifactId>
            <sys:version>2.2.0</sys:version>
            <sys:type>jar</sys:type>
        </sys:moduleId>
        <sys:dependencies>
            <sys:dependency>
                <sys:groupId>console.realm</sys:groupId>
                <sys:artifactId>remote-openejb-realm</sys:artifactId>
                <sys:version>1.0</sys:version>
                <sys:type>car</sys:type>
            </sys:dependency>
        </sys:dependencies>
    </sys:server-environment>
    <!-- Client-side realm used for login, and the handler that supplies credentials -->
    <realm-name>remote-openejb-realm</realm-name>
    <callback-handler>org.apache.geronimo.samples.Myclient.appClient.MyCallbackHandler</callback-handler>
</application-client>

Hope this helps.

Jeff C

On Tue, Apr 6, 2010 at 11:16 PM, Sarah.kho <[email protected]> wrote:

> Hi,
>
> I studied the page but it does not have the name of the deployment
> descriptor which I should include those sample code inside it. Should I
> include them inside the geronimo-application-client.xml?
>
> It also says that the realm should also be specified at the server side. I
> think it means in the openejb-jar.xml. Can you give me the sample snippet
> for that one as well?
>
> Thanks
> --
> View this message in context:
> http://n3.nabble.com/when-using-an-application-client-to-consume-a-secure-ejb-who-perform-the-authentication-tp699700p700639.html
> Sent from the Users mailing list archive at Nabble.com.
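
The <callback-handler> class named in the descriptor above, as an added example that is not from the original message or the Geronimo samples: it answers the login module's NameCallback and PasswordCallback from the console and rejects anything else. It assumes Java 6 or later (for java.io.Console) and that only name and password callbacks are issued.

```java
package org.apache.geronimo.samples.Myclient.appClient;

import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import javax.security.auth.callback.*;

// Added example; class name taken from the <callback-handler> element above.
// The implicit public no-arg constructor lets the container create it by name.
public class MyCallbackHandler implements CallbackHandler {
    // Fallback for when no interactive console is attached (input is echoed).
    private final BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                NameCallback nc = (NameCallback) cb;
                nc.setName(new String(read(nc.getPrompt(), false)));
            } else if (cb instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) cb;
                char[] password = read(pc.getPrompt(), true);
                pc.setPassword(password);     // the callback keeps its own copy
                Arrays.fill(password, '\0');  // wipe ours
            } else {
                throw new UnsupportedCallbackException(cb, "Only name and password are handled");
            }
        }
    }

    private char[] read(String prompt, boolean secret) throws IOException {
        Console console = System.console();  // null when stdin/stdout are redirected
        char[] value;
        if (console != null && secret) {
            value = console.readPassword("%s", prompt);  // no echo
        } else {
            String line;
            if (console != null) {
                line = console.readLine("%s", prompt);
            } else {
                System.out.print(prompt);
                System.out.flush();
                line = stdin.readLine();
            }
            value = (line == null) ? null : line.toCharArray();
        }
        if (value == null) throw new IOException("End of input while reading: " + prompt);
        return value;
    }
}
```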
